Are you using NAT on both ends or just one? NAT on both ends of the connection along with SSL rarely seems to work. Since you say you are using NOFIXUP it sounds like you're using NAT. Because the connection is encrypted the PIX cannot see the data within the FTP packets and often throws them out as invalid. Put the WS_FTP Server on the outside of your firewall (or don't NAT it). If you have to use a PIX on the server's side of the connection, don't define the service as FTP within the PIX, just define conduits for the required ports 21 & (in your case) 2000 - 2010. Typical recommendation is to use port ranges 1024 to 5000, not just 2000 to 2010.
 
Pete
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Nuzman
Sent: Tuesday, March 30, 2004 9:14 AM
To: [EMAIL PROTECTED]
Subject: [WS_FTP Forum] FTPS through PIX

Hi, I need help getting FTP/SSL working from a WS_FTP Pro client to a WS_FTP Server through a Cisco PIX. The advice from IPSWITCH and Cisco tech support is apparently incomplete.
 
Passive and direct connections via clear ftp work, but error 504 occurs after accepting the certificate and negotiating the encryption key.
 
I already have NO FIXUP on the ftp protocol on port 21 and passive is set to use ports 2000-2010 with port forwarding for those ports on the firewall enabled.

Has anyone documented how to get this to work with a PIX?
 
Is there an archive to this list somewhere?
 
Thanks,
 
Norris Carden
Rasquel Communications LLC
 

